Skip to content

SANDBOX-1889: update CRD default phoneLookupMode to disabled#1273

Closed
fbm3307 wants to merge 1 commit into
codeready-toolchain:masterfrom
fbm3307:phone-lookup-default-disabled
Closed

SANDBOX-1889: update CRD default phoneLookupMode to disabled#1273
fbm3307 wants to merge 1 commit into
codeready-toolchain:masterfrom
fbm3307:phone-lookup-default-disabled

Conversation

@fbm3307

@fbm3307 fbm3307 commented Jul 6, 2026

Copy link
Copy Markdown
Contributor

Generated CRD update reflecting the default phoneLookupMode change from "log" to "disabled" in the API types.

Summary by CodeRabbit

  • Bug Fixes
    • Updated the default phone verification behavior so phone risk checks are now skipped unless explicitly enabled.
    • Clarified the configuration description to match the new default setting.

Generated CRD update reflecting the default phoneLookupMode change
from "log" to "disabled" in the API types.

Co-authored-by: Cursor <cursoragent@cursor.com>
@openshift-ci

openshift-ci Bot commented Jul 6, 2026

Copy link
Copy Markdown

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: fbm3307

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@coderabbitai

coderabbitai Bot commented Jul 6, 2026

Copy link
Copy Markdown

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 35a5b130-afde-4f55-8f93-5a1e80bb622f

📥 Commits

Reviewing files that changed from the base of the PR and between 715f8ae and ef512df.

📒 Files selected for processing (1)
  • config/crd/bases/toolchain.dev.openshift.com_toolchainconfigs.yaml
🔗 Linked repositories identified

CodeRabbit considers these linked repositories for cross-repo context during reviews:

  • codeready-toolchain/registration-service (manual)
  • codeready-toolchain/member-operator (manual)
  • codeready-toolchain/api (manual)
  • codeready-toolchain/toolchain-common (manual)
  • codeready-toolchain/host-operator (manual)
  • codeready-toolchain/toolchain-e2e (manual)
📜 Recent review details
⏰ Context from checks skipped due to timeout. (2)
  • GitHub Check: test
  • GitHub Check: GolangCI Lint
⚠️ CI failures not shown inline (2)

GitHub Actions: publish-components-for-e2e-tests / Build & push operator bundles & dashboard image for e2e tests: SANDBOX-1889: update CRD default phoneLookupMode to disabled

Conclusion: failure

View job details

##[group]Run actions/checkout@v7
 with:
   ref: phone-lookup-default-disabled
   repository: fbm3307/host-operator
   fetch-depth: 0
   ***REDACTED***
   ssh-strict: true
   ssh-user: git
   persist-credentials: true
   clean: true
   sparse-checkout-cone-mode: true
   fetch-tags: false
   show-progress: true
   lfs: false
   submodules: false
   set-safe-directory: true
   allow-unsafe-pr-checkout: false
 env:
   GOPATH: /tmp/go
 ##[endgroup]
 ##[error]Refusing to check out fork pull request code from a 'pull_request_target' workflow. This workflow runs with the base repository's GITHUB_TOKEN, secrets, default-branch cache scope, and runner access. Fetching and executing a fork's code in that trusted context commonly leads to "pwn request" vulnerabilities. To opt in, review the risks at https://gh.io/securely-using-pull_request_target and set 'allow-unsafe-pr-checkout: true' on the actions/checkout step.

GitHub Actions: publish-components-for-e2e-tests / 0_Build & push operator bundles & dashboard image for e2e tests.txt: SANDBOX-1889: update CRD default phoneLookupMode to disabled

Conclusion: failure

View job details

##[group]Run actions/checkout@v7
 with:
   ref: phone-lookup-default-disabled
   repository: fbm3307/host-operator
   fetch-depth: 0
   ***REDACTED***
   ssh-strict: true
   ssh-user: git
   persist-credentials: true
   clean: true
   sparse-checkout-cone-mode: true
   fetch-tags: false
   show-progress: true
   lfs: false
   submodules: false
   set-safe-directory: true
   allow-unsafe-pr-checkout: false
 env:
   GOPATH: /tmp/go
 ##[endgroup]
 ##[error]Refusing to check out fork pull request code from a 'pull_request_target' workflow. This workflow runs with the base repository's GITHUB_TOKEN, secrets, default-branch cache scope, and runner access. Fetching and executing a fork's code in that trusted context commonly leads to "pwn request" vulnerabilities. To opt in, review the risks at https://gh.io/securely-using-pull_request_target and set 'allow-unsafe-pr-checkout: true' on the actions/checkout step.
🧰 Additional context used
📓 Path-based instructions (1)
**

⚙️ CodeRabbit configuration file

-Focus on major issues impacting performance, readability, maintainability and security. Avoid nitpicks and avoid verbosity.

Files:

  • config/crd/bases/toolchain.dev.openshift.com_toolchainconfigs.yaml
🔀 Multi-repo context

Linked repositories findings

codeready-toolchain/api

  • api/v1alpha1/toolchainconfig_types.go:400-405 still documents and defaults PhoneLookupMode to "log" (+kubebuilder:default="log"), so the API source is now out of sync with the CRD default changed in this PR.
  • api/v1alpha1/zz_generated.openapi.go:2948-2950 still says Defaults to "log", so generated API docs/OpenAPI also lag behind the new "disabled" default.

codeready-toolchain/registration-service

  • pkg/configuration/configuration.go:332-336 returns toolchainv1alpha1.PhoneLookupModeLog when phoneLookupMode is unset. That means runtime behavior still treats the missing field as "log", so this PR only changes behavior if the CRD/defaulted config actually reaches the service as "disabled".

codeready-toolchain/member-operator

  • No matches for phoneLookupMode / Twilio Lookup / verification terms in the broad search; no direct consumer found.

codeready-toolchain/toolchain-common

  • No direct references to phoneLookupMode or Twilio Lookup behavior in the broad search.
🔇 Additional comments (1)
config/crd/bases/toolchain.dev.openshift.com_toolchainconfigs.yaml (1)

368-372: 🗄️ Data Integrity & Integration | 🏗️ Heavy lift

CRD default now out of sync with upstream API source and registration-service fallback.

The CRD is normally generated from the api repo's kubebuilder markers via controller-gen, but that repo's toolchainconfig_types.go still has +kubebuilder:default="log" (and the generated OpenAPI docs still say Defaults to "log"). If the CRD is regenerated from that source without updating it first, this change will be silently reverted. Additionally, registration-service's configuration.go still falls back to PhoneLookupModeLog when the field is unset, so even with this CRD default fixed, runtime behavior may still default to "log" unless that fallback is also updated.

Confirm the api repo type definition and registration-service fallback are updated in lockstep with this CRD change to avoid the default silently reverting or diverging from actual runtime behavior.

Source: Linked repositories


Walkthrough

The default value for the phoneLookupMode field in the ToolchainConfig CRD schema was changed from "log" to "disabled", with the accompanying description text updated to reflect that phone risk checks are skipped by default.

Changes

CRD Default Value Update

Layer / File(s) Summary
Update phoneLookupMode default
config/crd/bases/toolchain.dev.openshift.com_toolchainconfigs.yaml
Changed the default value of spec.host.registrationService.verification.phoneLookupMode from "log" to "disabled" and updated the field description accordingly.

Estimated code review effort: 1 (Trivial) | ~2 minutes

Suggested labels: chore

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title clearly and accurately summarizes the main change: updating the CRD default phoneLookupMode to disabled.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

@sonarqubecloud

sonarqubecloud Bot commented Jul 6, 2026

Copy link
Copy Markdown

@coderabbitai coderabbitai Bot added the chore Routine repo or tooling maintenance label Jul 6, 2026
@fbm3307

fbm3307 commented Jul 6, 2026

Copy link
Copy Markdown
Contributor Author

wrong branch

@fbm3307 fbm3307 closed this Jul 6, 2026
@fbm3307 fbm3307 deleted the phone-lookup-default-disabled branch July 6, 2026 09:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

approved chore Routine repo or tooling maintenance

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant